newexperimental on radius
Si St
sigbj-st at operamail.com
Mon Apr 14 12:49:47 CEST 2008
-ASUS-laptop (SuSE 10 and WinXP), HP-laptop (Win-Vista only), ACER-laptop (WinXP only), HPC-workstation (SLED Novell-SuSE and WinXP).
-Dlink DIR-635 router
-Zyxel Prestige 600 ADSL modem
-FreeRADIUS Version 1.0.4
Q: Could anybody tell me what kind of password is to be set on the router configuration to enable RADIUS setup?
The router states that the password has to correspond with the password in the radius, but which one and how?
It is boxed as "RADIUS-Server Shared Secret"
What file does it correspond with? The secret in clients.conf?
And what password is YaST asking for when configuring the network card with WPA-EAP? The same password or another?
In YaST it asks for 1) Identity, 2) Password, 3) Client certificate and 4) Server certificate.
It is number 1 and 2 I am wondering about.
I have tried to read carefully about RADIUS in the documentation in SuSE and on the web.
I have also tried running CA.pl and CA.all for the certificates for web and RADIUS EAP-TLS. So far it is just practice and tryouts for me.
I have several PCs at home with SuSE_10.0, SuSE_Linux_Enterprise_Desktop_SP1, WinXP and WinVista. I would like to try out RADIUS for Internet connections.
Q: Is it difficult to make EAP-TLS work with Windows, and should I use EAP-TTLS or PEAP instead?
I am eager to have these things work in the end, but I am trying to approach it carefully, step by step. So far I have changed as little as possible in the config files, as I am told to. Altogether I am understanding more and more, so that I can finally make the setup.
Router config management
Authentication timeout : (minutes)
RADIUS server IP address :
RADIUS server port :
RADIUS server shared secret :
MAC address authentication :
RADIUS server shared secret: A passphrase which must match the authentication server.
radiusd -v
radiusd: FreeRADIUS Version 1.0.4, for host , built on Sep 13 2005 at 02:15:36
radiusd -X:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
I have also tried out:
/usr/sbin/radexample
/usr/sbin/radlogin
/usr/bin/radclient
/usr/bin/radtest
and find that all together I must be on the right track.
RADEXAMPLE
login: sigbj
Password:
"sigbj" RADIUS Authentication OK
RADLOGIN
($Id: radlogin.c,v 1.3 1997/12/29 23:07:25 lf Exp $)
-----------------------------------------------------
Linux 2.6.13-15.18-default (linux) (port 1)
-----------------------------------------------------
login: sigbj
Password:
RADIUS: Authentication OK
Starting.
RADIUS_FRAMED_COMPRESSION = Van-Jacobson-TCP-IP
RADIUS_FRAMED_PROTOCOL = PPP
RADIUS_FRAMED_MTU = 1500
RADIUS_FILTER_ID = std.ppp
RADIUS_USER_NAME = sigbj
RADIUS_FRAMED_IP_ADDRESS = 192.168.0.198
RADIUS_SERVICE_TYPE = Framed-User
RADIUS_FRAMED_ROUTING = Broadcast-Listen
RADIUS_FRAMED_IP_NETMASK = 255.255.255.0
Unhandled Service-Type
RADCLIENT
radclient -f radius.test 127.0.0.1:1812 auth testing123
Received response ID 95, code 3, length = 20
Received response ID 96, code 3, length = 20
Received response ID 97, code 3, length = 20
RADTEST
radtest sigbj testing 127.0.0.1:1812 1 testing123
Sending Access-Request of id 151 to 127.0.0.1:1812
User-Name = "sigbj"
User-Password = "testing"
NAS-IP-Address = linux
NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=151, length=71
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 192.168.0.198
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
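An added example, not part of the original post: in FreeRADIUS the value a NAS such as the router sends as its "RADIUS-Server Shared Secret" has to equal the `secret` configured for that client in clients.conf, because the secret keys both the User-Password hiding and the reply authenticator defined in RFC 2865. The sketch below rebuilds the radtest request from the post (sigbj / testing / testing123, id 151); the function names, the fixed request authenticator and the mismatched secret are constructed for illustration.

```python
import hashlib
import struct

def crypt_blocks(data, secret, req_auth, hide):
    # RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous
    # ciphertext block); the first block chains from the Request Authenticator.
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out += block
        prev = block if hide else data[i:i + 16]
    return out

def hide_password(password, secret, req_auth):
    # Pad with NULs to a multiple of 16 bytes (at least one block).
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    return crypt_blocks(padded, secret, req_auth, True)

def recover_password(hidden, secret, req_auth):
    return crypt_blocks(hidden, secret, req_auth, False).rstrip(b"\x00")

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(ident, user, password, secret, req_auth):
    # Code 1 = Access-Request; attribute 1 = User-Name, 2 = User-Password.
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def read_password(packet, server_secret):
    # What the server sees when it decodes with *its* secret for this client.
    req_auth, pos = packet[4:20], 20
    while pos < len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if attr_type == 2:
            return recover_password(packet[pos + 2:pos + length], server_secret, req_auth)
        pos += length
    return None

def response_authenticator(code, ident, attrs, req_auth, secret):
    # MD5(Code + ID + Length + RequestAuth + Attributes + Secret); the NAS
    # recomputes this with its own secret and drops replies that do not match.
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

REQ_AUTH = bytes(range(16))  # constructed; a real client uses 16 random bytes
REQUEST = build_access_request(151, b"sigbj", b"testing", b"testing123", REQ_AUTH)

if __name__ == "__main__":
    print("matching secret  :", read_password(REQUEST, b"testing123"))
    print("mismatched secret:", read_password(REQUEST, b"router-typo"))
```

With a mismatched secret the server decodes the password to unrelated bytes, so a correct user password is still rejected.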